If your company uses ChatGPT, Claude, Gemini or Copilot to draft emails, summarise contracts or prepare internal analyses — and by now, almost all companies do, even if management isn't always aware of it — there is a recent US ruling worth knowing about before you go any further. Not because it will apply in Spain (it won't), but because it clearly illustrates a problem that the GDPR has regulated since 2018 and that most companies may be overlooking.
Written by Josep Conesa
Employment and insolvency lawyer
What does the Heppner case say about AI use and confidentiality?
The Heppner case does not hold that using AI always destroys confidentiality. The key point is that using a consumer AI tool, without legal supervision and without a clear expectation of confidentiality, may prevent a party from invoking attorney-client privilege.
On 17 February 2026, Judge Jed Rakoff (United States District Court for the Southern District of New York) issued his ruling in United States v. Heppner, a securities fraud case. The defendant had used Claude in its consumer version — the free version available to anyone — to generate legal analysis on his own, without any instruction from his lawyers. When the FBI seized his devices and found these documents, the defence invoked attorney-client privilege.
The judge rejected the claim. And the headlines that circulated on social media — "federal judge rules that using AI destroys attorney-client privilege" — are false, or at the very least deeply misleading.
What the ruling actually says is far more limited:
- AI is not a lawyer: it cannot establish an attorney-client relationship.
- There was no expectation of confidentiality: the terms of use of the consumer version allow the provider to use data to train models and share it with third parties. Entering sensitive information into such a tool is equivalent to disclosing it.
Judge Rakoff himself noted that had the lawyer directed the use of the tool, the outcome might have been different under the Kovel doctrine (which extends privilege to experts, translators, and other auxiliaries acting under a lawyer's direction).
Why does this case matter if your company uses AI in Spain?
This case is relevant in Spain because it raises an equivalent issue under the GDPR: when a company shares personal data with an AI tool without a contract, without documented instructions, and without safeguards governing how that data will be processed, it may be in breach of its data protection obligations.
Spain does not have "attorney-client privilege" in the Anglo-Saxon sense, but it does have professional secrecy (Art. 542.3 LOPJ, Art. 32 EGA) and, above all, the GDPR. The logic of the Heppner case is precisely the same as that of the GDPR: if you transfer personal data to a third party without a contractual framework governing how it will be processed, you are breaking the law.
When an employee pastes a candidate's CV, an employee's payslips, a contract containing client data, or someone's medical history into ChatGPT, they are transferring personal data to a data processor. And that processing, without a contract in place, is unlawful.
When does a Spanish company need a DPA (Data Processing Agreement) to use AI tools?
A company needs a DPA whenever it uses an AI tool to process personal data on the organisation's behalf — particularly when it inputs data relating to clients, employees, candidates, suppliers, or other identifiable third parties.
The DPA is a cornerstone requirement in Spain. Article 28 of the GDPR requires that every relationship between a data controller (your company) and a data processor (the AI provider, cloud provider, email marketing platform, etc.) be governed by a written contract. That contract is known as a DPA (Data Processing Agreement), and it must cover, at a minimum:
- The purpose, duration, nature, and subject matter of the processing.
- The categories of personal data and data subjects affected.
- Confidentiality obligations and technical security measures.
- Prohibition on sub-processing without authorisation (sub-processor regime).
- Treatment of international data transfers (European Commission standard contractual clauses where data leaves the EEA).
- Assistance with data subject rights and breach notification.
- Fate of data upon contract termination (return or deletion).
- Audits and information obligations.
Without a DPA, your company is exposed to fines from the Spanish Data Protection Agency (AEPD) of up to 4% of total annual global turnover or €20 million, whichever is higher.
Can a company use the free version of ChatGPT with client, employee or candidate data?
No. A company should not use the free version of ChatGPT or other consumer AI tools with client, employee or candidate data where there is no signed DPA, no confidentiality guarantees and no control over how that data is processed.
Here is the specific problem. When an employee opens chat.openai.com using a personal or free account and pastes client information into it, your company:
- Has no signed contract with OpenAI as data processor.
- Has no control over whether that data is used to train models.
- Has no guarantees as to where the data is stored or for how long.
- Cannot demonstrate to a Spanish Data Protection Agency (AEPD) inspection that it complies with Article 28 GDPR.
This is precisely the Heppner scenario: use of a consumer tool, with no contractual framework, involving sensitive data. The difference is that in Spain the problem is not merely losing professional privilege in litigation — it is a direct administrative infringement.
What guarantees do enterprise AI versions provide?
Enterprise AI versions can offer the guarantees that are absent in consumer use: a DPA, commitments not to train on client data, security measures, sub-processor controls, data retention options and mechanisms for managing international transfers.
The Enterprise, Team and API plans offered by the main providers (Anthropic, OpenAI, Microsoft, Google) do include a DPA. Anthropic, for example, incorporates its DPA by reference into its Commercial Terms and contractually commits to:
- Not training models on client data.
- Applying encryption in transit and at rest.
- Allowing Zero Data Retention (ZDR) configurations for sensitive data flows.
- Offering regional deployments (e.g., Bedrock in the EU) to avoid problematic international transfers.
This makes the processing lawful under the GDPR. That does not automatically remove the need for impact assessments (DPIAs) where applicable, records of processing activities, and internal training — but at least the contractual basis is in place.
What steps should a Spanish company take before using AI with personal data?
Before using AI with personal data, a Spanish company should identify which tools are in use, prohibit free-tier versions for sensitive data, engage providers with a signed DPA, update its records of processing activities, assess whether a DPIA is required, and train its teams.
- Audit which AI tools are actually being used. Not the ones management thinks are in use — the ones that actually are. There are usually more than expected, and they are often linked to personal accounts.
- Block the use of free-tier versions for client, employee, or supplier data. This is a straightforward internal policy to draft and communicate.
- Procure enterprise plans with a signed DPA for providers the organisation intends to use on an ongoing basis. Keep a copy of the signed DPA: it will be the first document the Spanish Data Protection Agency (AEPD) requests during an inspection.
- Update the record of processing activities (RPA) to include new processors (OpenAI, Anthropic, Microsoft 365 Copilot, etc.).
- Assess whether a DPIA (data protection impact assessment) is required. For processing involving special category data (health data, sensitive employment data) or large-scale profiling, a DPIA is mandatory.
- Train your team. The majority of AI-related data breaches do not stem from cyberattacks, but from well-intentioned employees pasting information where they should not.
- Review contracts with clients. If your company processes third-party data on behalf of a client — as is common in consultancies, accountancy firms, and agencies — and intends to use AI in that processing, you will need the client's approval and may need to update the DPA already in place with them.
The conclusion
The Heppner case does not say that AI is incompatible with confidentiality. It says that using consumer-grade tools without a contractual framework is. In the United States, that translates into losing privilege in litigation. In Spain, it also translates into a breach of GDPR with immediate financial consequences.
The good news is that the problem has a known technical and legal solution: business-tier plans, signed DPAs, clear internal policies, and staff training. Companies that take that step now will be in a stronger legal and competitive position than those that continue acting as if the problem does not exist.
AI in the business environment is not the risk. The risk is using it as if it were an internet search engine, when legally it is a data processor to whom we are handing over personal data every day.
If you need advice, Conesa Legal can help — both with in-house professionals who are implementing AI with GDPR compliance in mind (LLM CLI, Openclaw, Ollama, etc.), and with specialist collaborators in data protection:
